NXLog Docs

Windows Event ID

What is a Windows Event ID?


Windows Event ID is a unique event identifier associated with each event in Windows Event Log. The Event ID determines the reason for every event logged. Event IDs are unique per source but are not globally unique; therefore, different sources may use the same event ID to identify unrelated operations.

Event IDs are the sliced bread of logging. Microsoft did a great job with the framework it created for Windows Event Log, even if it only gives a partial overview of what is happening on a particular system. You can view the logs in Windows Event Log and their associated Event IDs in the Event Viewer MMC snap-in included in Windows.

In the world of NXLog

As most corporate networks run on Windows (well, at least the less secure parts where the users are) and a Windows Domain Controller serves their directory services, Event IDs are essential to logging from these systems. Setting up your log collection based on Windows Event IDs is an obvious strategy, as plenty of resources provide a wealth of knowledge about them on the internet. And it is even easier if you have the right log collection tool to do it.

NXLog can directly collect logs from the native API of the Windows Event Log framework, meaning that it does not need any intermediate software or does not need to write down the logs with one technology and re-read them with another. What NXLog uses is the most efficient way of doing it. And on top of that, NXLog can be configured to collect logs from Windows Event Log based on their Event IDs; you only need to configure which Event IDs you want to collect from which event channel.

Known as

Windows Event ID, event id, eventid


Security logging on Windows - beyond 4625
Top 5 Windows Security logs everyone should collect
Windows Event Log collection in a nutshell
Event IDs to monitor
Event Log for Windows 2008/Vista/later (im_msvistalog)

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z